Mike O’Malley, Radware, explains how businesses can get 5G security right .
At the start of 2020, everyone in mobile was expecting 5G to launch at a normal pace. Speculation was rife on new handsets, and the anticipation of exciting new IoT applications and wearables, through to mainstream use of AR and VR.
There have been hiccups Down Under, with the economic downturn and Australia sidelining Huawai, but roll-out is proceeding, at least in the big cities and more populated areas.
For operators the financial climate means there have been tough decisions to make. Continue to invest despite the prospect of greatly reduced revenues compared to the business plan they built pre-recession? Or plough on, hopeful that the different way of working and living is here to stay for some time, hence consumer interest may accelerate in some areas.
For instance, replacing home broadband with 5G could thrive as a result of the lockdown. People will review their expenditure and what makes them happy. We’ve already seen the uptake of more subscription models for entertainment, so it follows that consumers will also invest in the technology to make it a slick anywhere experience, untethered to wires.
Retailers could play to this new appetite for experience with the launch of AR / VR services enabling consumers to see what the piece of furniture they want to buy looks like in their home or how that new shirt or dress virtually fits before they part with their money.
With business models shifting as a result of lockdown, this could lead to 5G supporting a company’s plans for growth and innovation in a way not conceived before, or certainly not at the scale envisaged.
Strange bedfellows
Delivering ultra-high bandwidth quickly and reliably, with an ability to scale applications is the challenge with 5G promises. However, the situation has created what some might see as strange bedfellows – the likes of Amazon and Azure partnering with the operators.
Most recently, Google has partnered with Telefonica in Spain to support digitalization strategies. It all makes perfect sense, given the complementary expertise and partnerships, to sell more 5G applications in a mobile edge cloud very close to the customer.
Yet, at a higher level there are still some pivotal questions to address. Most importantly, will this be a repeat of the 2000s, where service providers performed all the heavy lifting in LTE, but ceded all the application value, thus all the financial value, to monoliths like like Apple and Google?
There could be some tricky conversations to come, about exclusivity and who owns the customer and how the revenue is divided. Microsoft Azure, AWS and Google Cloud can all provide expertise in selling and scaling applications in the cloud. However, the service providers will bring their own expertise in ultra-low latency, wireless, video, voice, and data connectivity.
But how will the squabble over who owns security go? It’s still one of the biggest unresolved debates.
The service providers have built brands on near perfect 99.999 percent reliability. But if the cloud services are managed by the cloud providers, will AWS and Azure provide infrastructure and application security?
Will it be the same as, or different from, the service providers’ security architectures that already exist on the network? Would Telstra or Optus have visibility in their SOC (security operations center) to all threats to the multi-access Edge Computing (MEC) or do they need to pick up the phone and rely on the cloud provider?
From my viewpoint, the service provider will need to secure the MEC from both a network and application perspective north and south – in and out of the MEC cloud. They have built their brands on trust, security and reliability and will need to control the experience to retain brand value.
On the other hand, cloud service providers will need to provide their own application security on individual applications (perhaps via Openstack or Kubernetes) within the MEC cloud and between applications – an east to west scenario.
Doing this in combination will ensure the service provider’s reputation and brand. Service providers can leverage their existing security architectures and best in class technologies to make the MEC security part of their holistic management of the network by the SOC, while collaborating with the cloud providers to prevent any security threat contamination between cloud applications.
As a result, the cloud providers will be able to sell the value of security to the end customers, protect from east-west attacks within the cloud, and negotiate a business relationship with the service provider for this incremental revenue on the applications.
All this at a time when trust is becoming a dominant reason for choosing a brand. Our data and applications, and how they are protected and used, have never been so hotly debated.
So we must hope that we see some interesting implementations of 5G soon, and also see some carefully planned secure network innovation. Consumer and business confidence rests on it, and so does the success of 5G.